ibatis-user-java mailing list archives

From Brandon Goodin <brandon.goo...@gmail.com>
Subject Re: string substitution example/docs
Date Fri, 15 May 2009 21:14:44 GMT
Yeah, it's definitely handy for that.
Brandon

On Fri, May 15, 2009 at 4:08 PM, Alin Popa <alin.popa@gmail.com> wrote:

> Thanks Brandon,
>
> I didn't know if I need to pass the literal in a special way, but it
> seems that is pretty straightforward.
> Regarding public access to that literal, of course, it's a private
> place where this will be done.
> My need for that string substitution is to add dynamic pieces of SQL
> into already existing ones.
>
> On Sat, May 16, 2009 at 12:02 AM, Brandon Goodin
> <brandon.goodin@gmail.com> wrote:
> > There isn't much to say. $blah$ is a literal whereas #blah# will convert to
> > a ? for the prepared statement.
> >
> > say you have a property of id on Person and set its value to 1
> >
> > public class Person {
> >   private Integer id;
> >   //getter/setter
> > }
> >
> > If you use the following syntax in your mapped statement:
> > select name from person where id = #id#
> >
> > ibatis will convert the #id# to a ? for use in the prepared statement:
> > select name from person where id = ?
> >
> > if on the other hand you used the $id$ ibatis would pass the following to
> > the prepared statement
> > select name from person where id = 1
> >
> > The obvious caution here is that the $literal$ syntax should never be
> > utilized in a place that the public can alter it. You open yourself to SQL
> > injection risks. In other words don't take a value that is passed in from a
> > web page and assign it in your SQL as a literal.
> >
> > Brandon
> >
> >
> > On Fri, May 15, 2009 at 3:52 PM, Alin Popa <alin.popa@gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> Is there a place where I can find some documentation/examples/links
> >> related to string substitution in ibatis? ($substitution$ thingy
> >> ....)
> >> In the official pdf documentation I didn't find anything about it;
> >> also Google didn't help much.
> >>
> >> Thanks,
> >> Alin
> >
> >
>
>
>
> --
> Best Regards,
>
> Alin
>
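
An added illustration of the difference described in the thread, not part of the original messages and not iBATIS code: a small Python emulation of the `#name#` and `$name$` placeholder styles, run against an in-memory SQLite table. The `render` and `query` helpers, the `allowed` allow-list for dynamic SQL pieces, and the sample rows are assumptions made for this example.

```python
import re
import sqlite3

# Matches #name# (bound parameter) or $name$ (literal substitution).
TOKEN = re.compile(r"#(\w+)#|\$(\w+)\$")

def render(statement, params, allowed=None):
    """Emulate the two placeholder styles; returns (sql, bind_values).

    allowed maps a $literal$ name to the set of values it may take;
    when allowed is given, a literal without an entry is rejected.
    """
    binds = []

    def substitute(match):
        bound, literal = match.groups()
        if bound is not None:
            binds.append(params[bound])   # value travels separately from the SQL text
            return "?"
        value = str(params[literal])      # value becomes part of the SQL text
        if allowed is not None and value not in allowed.get(literal, ()):
            raise ValueError(f"value for ${literal}$ is not in the allow-list")
        return value

    return TOKEN.sub(substitute, statement), binds

def query(conn, statement, params, allowed=None):
    sql, binds = render(statement, params, allowed)
    return [row[0] for row in conn.execute(sql, binds)]

def sample_db():
    # Constructed sample data.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table person (id integer primary key, name text)")
    conn.executemany("insert into person values (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn

if __name__ == "__main__":
    conn = sample_db()
    untrusted = "1 or 1=1"  # constructed input that is not a plain id
    print(render("select name from person where id = #id#", {"id": 1}))
    print(render("select name from person where id = $id$", {"id": 1}))
    # Bound: the whole string is compared as one value and matches no row.
    print(query(conn, "select name from person where id = #id#", {"id": untrusted}))
    # Literal: the string is parsed as SQL and changes the WHERE clause.
    print(query(conn, "select name from person where id = $id$", {"id": untrusted}))
    # Dynamic SQL piece restricted to known column names.
    print(query(conn, "select name from person order by $col$ desc",
                {"col": "name"}, allowed={"col": {"id", "name"}}))
```

For dynamic pieces of SQL such as a sort column, the allow-list keeps the `$literal$` value to a fixed set chosen by the application, while data values stay on the `#name#` path.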
